Introduction & Best Practices
System Security
Once you have archived the change documents from the User and Permission Management, you can use a logical index for change document properties to significantly improve performance. First, however, you must ensure that SAP Notes 1648187 and 1704771 are installed in your systems. These notes provide the SUIM_CTRL_CHG_IDX report, which adds key characteristics for change document characteristics of the PFCG and IDENTITY object classes to the SUIM_CHG_IDX table when you have marked the Indices key change documents field. All change documents are indexed (this can lead to a very long run time when the report is first run). Later, the newly added change documents are indexed regularly (e.g. weekly or monthly). To do this, specify the target date in the selection of the report and schedule it as a regular job. Note that you can only create the index until the previous day - otherwise inconsistencies may occur.
SAP authorizations control the access options of users in an SAP system, for example to personal data. Managing this access securely is essential for every company. This makes authorization concepts, authorization tools and automated protection of the SAP system all the more important.
Development
Permissions in the Permission Tree with status are only deleted if the last transaction associated with the permission has been deleted from the Role menu. Delete and recreate the profile and permissions All permissions are created anew. Previously maintained, changed or manual values will be lost and deleted. The exception here is the values that are filled by the organisation levels.
To support the safe operation of SAP systems, SAP offers a whole portfolio of services. We present the security services offered by SAP Active Global Support (AGS). The security of an SAP system in operation depends on many factors. There are several security features in the SAP standard, such as user management, authentication and encryption capabilities, web service security features, and the various authorisation concepts. Vulnerabilities in the standard software are also regularly fixed in SAP notes and support packages. You are responsible for the safe operation of your SAP system landscapes; so you need to incorporate these features and fixes into your systems. The AGS Security Services support you by bundling the experiences of the AGS into consolidated best practices. We introduce these services and describe how they help you gain an overview of the security of your operational concept.
Authorizations can also be assigned via "Shortcut for SAP systems".
Add the Role Menu to the Collect Roll using the Read Menu button.
For each authorization object, you can maintain field values that appear as suggestion values in the respective roles.